CVE Ape is an open source command-line tool that creates a local copy of the National Vulnerability Database (NVD) and Common Vulnerabilities and Exposures (CVEs) databases for offline vulnerability searching. The tool allows users to search for registered CVEs by package name, vendor name, or through OS libraries and packages listed in package lists. It downloads CVE data and stores it locally in the ~/.cache/cve-ape/ directory, enabling offline operations after the initial database creation. CVE Ape is designed primarily for reviewing Linux-based IoT devices but can be integrated into CI/CD pipelines to enhance security maintenance. The tool provides basic vulnerability identification capabilities, though it does not check for backports or vendor-specific patches unless explicitly configured. The application requires an initial online update to establish the local database before offline functionality becomes available. It operates through a simple interface focused on CVE lookup and identification tasks.
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Simple script to check a domain's email protections and identify vulnerabilities.
LeakIX is a red-team search engine that indexes mis-configurations and vulnerabilities online.
A search engine for the Internet of Things (IoT) that provides real-time information about connected devices.
A fully customizable, offensive security reporting solution for pentesters, red teamers, and other security professionals.
An AI-powered Google Dorking tool that helps create effective search queries to uncover sensitive information on the internet.
Automate Google Hacking Database scraping and searching with Pagodo, a tool for finding vulnerabilities and sensitive information.
An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.
A LinkedIn reconnaissance tool for gathering information about companies and individuals on the platform.
PINNED

Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.

Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.

DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.